gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-26 04:41:13 -08:00
Code Issues Packages Projects Releases Wiki Activity
3,638 Commits 45 Branches 48 Tags
91f1d4132419ced2d819118564e32606a449c294
Commit Graph

3638 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Yacine Elhamer
91f1d41324 extract registry keys, files, and mutexes from the sample 2023-06-14 22:57:41 +01:00
Yacine Elhamer
0cd481b149 remove redundant comments 
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2023-06-14 22:42:25 +01:00
Yacine Elhamer
a66c55ca14 add the initial version of the cape extractor 2023-06-14 22:34:11 +01:00
Yacine Elhamer
18715dbe2e fix typo bug 2023-06-14 21:47:40 +01:00
Willi Ballenthin
23dee61389 Merge branch 'dynamic-feature-extraction' into cape-extractor 2023-06-14 12:41:08 +02:00
Willi Ballenthin
23dc3f29cd Merge pull request #1528 from yelhamer/dynamic-extractor 
add a Dynamic extractor interface
 2023-06-14 11:00:06 +02:00
Willi Ballenthin
4c701f4b6c Update capa/features/extractors/base_extractor.py 2023-06-14 10:59:07 +02:00
Willi Ballenthin
7a94f524b4 Update capa/features/extractors/base_extractor.py 2023-06-14 10:58:59 +02:00
Willi Ballenthin
23deb41436 Update capa/features/extractors/base_extractor.py 2023-06-14 10:58:50 +02:00
Yacine Elhamer
7198ebefc9 remove redundant types 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-14 09:58:33 +01:00
Willi Ballenthin
32cb57532e Merge branch 'dynamic-feature-extraction' into dynamic-extractor 2023-06-14 10:54:44 +02:00
Yacine Elhamer
edcfece993 remove default implementation 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-14 09:33:24 +01:00
Yacine Elhamer
baf209f3cc remove ppid member from ProcessHandle 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-14 09:33:07 +01:00
Yacine Elhamer
ece47c9ed5 add ppid documentation to the dynamic extractor interface 2023-06-14 09:05:53 +01:00
Yacine Elhamer
3d40ed968a Merge branch 'dynamic-features' into cape-extractor 2023-06-13 23:04:44 +01:00
Yacine Elhamer
10f56de5e8 Merge branch 'dynamic-extractor' into dynamic-features 2023-06-13 23:03:33 +01:00
Yacine Elhamer
5ee4fc2cd5 add parent process id to the process handle 2023-06-13 23:02:00 +01:00
Yacine Elhamer
a7917a0f3d add cape's thread features' extraction module 2023-06-13 22:56:15 +01:00
Yacine Elhamer
0274cf3ec7 add cape's global features' extraction module 2023-06-13 22:55:42 +01:00
Yacine Elhamer
3aa7c96902 add cape extractor class 2023-06-13 22:54:52 +01:00
Stephen Eckels
7ef78fdbce explorer: optimize cache and extractor interface (#1470) 
* Optimize cache and extractor interface

* Update changelog

* Run linter formatters

* Implement review feedback

* Move rulegen extractor construction to tab change

* Change rulegen cache construction behavior

* Adjust return values for CR, format

* Fix mypy errors

* Format

* Fix merge

---------

Co-authored-by: Stephen Eckels <stephen.eckels@mandiant.com>
 2023-06-13 12:00:06 -06:00
Yacine Elhamer
ffa1851bbf Merge branch 'dynamic-features' into cape-extractor 2023-06-13 14:26:34 +01:00
Yacine Elhamer
45c3345bbc Merge branch 'dynamic-extractor' into dynamic-features 2023-06-13 14:26:14 +01:00
Yacine Elhamer
a6ca3aaa66 remove from_trace() and submit_sample() methods 2023-06-13 14:23:50 +01:00
Capa Bot
43b2ee3c52 Sync capa rules submodule 2023-06-12 12:28:18 +00:00
Capa Bot
85a7c87830 Sync capa rules submodule 2023-06-12 12:18:23 +00:00
Willi Ballenthin
2d7e20f532 Merge pull request #1527 from xusheng6/fix_bn_unit_test 
Update the stack string detection with BN's builtin outlining of constant expressionss
 2023-06-12 10:41:15 +02:00
Capa Bot
cc993b67a3 Sync capa rules submodule 2023-06-12 06:58:29 +00:00
Yacine Elhamer
5a10b612a1 add a Mutex feature 2023-06-12 00:06:53 +01:00
Yacine Elhamer
632b3ff07c add a Filename feature 2023-06-12 00:06:05 +01:00
Yacine Elhamer
efe1d1c0ac add a Registry feature 2023-06-12 00:05:20 +01:00
Yacine Elhamer
86e2f83a7d extend the API feature to support an strace-like argument style 2023-06-11 23:19:24 +01:00
Yacine Elhamer
a2b3a38f86 add the cape extractor's file hierarchy 2023-06-10 20:06:57 +01:00
Yacine Elhamer
f243749d38 get_threads(): fix mypy typing 
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2023-06-09 09:03:49 +00:00
Yacine Elhamer
dac103c621 fix bad comment 
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2023-06-09 09:03:09 +00:00
Xusheng
a74911e926 Add a test that asserts on the binja version 2023-06-09 13:44:07 +08:00
Xusheng
8cc16e8de9 Update the stack string detection with BN's builtin outlining of constant expressions 2023-06-09 13:41:53 +08:00
Yacine Elhamer
35e53e9691 add abstract DynamicExtractor class 2023-06-08 23:15:29 +00:00
Capa Bot
0559e61af1 Sync capa rules submodule 2023-06-08 08:41:14 +00:00
Capa Bot
2fe0713faa Sync capa rules submodule 2023-06-07 10:17:28 +00:00
Willi Ballenthin
28629b352c Merge pull request #1502 from Aayush-Goel-04/Aayush-Goel-04/Issue#1411 
Update Metadata type in capa main
 2023-06-06 13:04:35 +02:00
Aayush Goel
e5f79c9f5c Merge branch 'mandiant:master' into Aayush-Goel-04/Issue#1411 2023-06-06 13:04:19 +05:30
Aayush Goel
c6815ef126 Update Model and FrozenModel Class 2023-06-06 13:02:30 +05:30
Willi Ballenthin
57095175d2 Merge pull request #1443 from yelhamer/feature-static-api-names 
Extract api names from ELF debug symbols [vivisect]
 2023-06-05 14:54:34 +02:00
Yacine Elhamer
5b260c00f4 fix symtab FunctionName feature scope address 2023-06-05 13:37:19 +01:00
Yacine Elhamer
9b0fb74d94 fix typo: "Elf" to "elf" 2023-06-05 13:36:50 +01:00
Yacine Elhamer
103b384c09 fix viv/extractor.py codestyle imports 2023-06-05 12:17:27 +01:00
Yacine Elhamer
65f18aecc8 fix mypy typing issues 2023-06-05 12:14:56 +01:00
Yacine Elhamer
e971bc4044 fix codestyle issues 2023-06-05 12:01:39 +01:00
Aayush Goel
b4870b120e Remove from_capa API for MetaData 2023-06-03 15:33:49 +05:30